[security-announce] SUSE-SU-2015:2194-1: important: Security update for the Linux Kernel

4 Dec 2015

      SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2194-1
Rating:             important
References:         #814440 #867595 #904348 #921949 #924493 #930145 
                    #933514 #935961 #936076 #936773 #939826 #939926 
                    #940853 #941202 #941867 #942938 #944749 #945626 
                    #946078 #947241 #947321 #947478 #948521 #948685 
                    #948831 #949100 #949463 #949504 #949706 #949744 
                    #950013 #950750 #950862 #950998 #951110 #951165 
                    #951199 #951440 #951546 #952666 #952758 #953796 
                    #953980 #954635 #955148 #955224 #955422 #955533 
                    #955644 #956047 #956053 #956703 #956711 
Cross-References:   CVE-2015-0272 CVE-2015-2925 CVE-2015-5283
                    CVE-2015-5307 CVE-2015-7799 CVE-2015-7872
                    CVE-2015-7990 CVE-2015-8104
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 45 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive
   various security and bugfixes.

   Following security bugs were fixed:
   - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
     Linux kernel did not ensure that certain slot numbers were valid, which
     allowed local users to cause a denial of service (NULL pointer
     dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
     (bnc#949936).
   - CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the
     Linux kernel had an incorrect sequence of protocol-initialization steps,
     which allowed local users to cause a denial of service (panic or memory
     corruption) by creating SCTP sockets before all of the steps have
     finished (bnc#947155).
   - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
     kernel did not properly handle rename actions inside a bind mount, which
     allowed local users to bypass an intended container protection mechanism
     by renaming a directory, related to a "double-chroot attack (bnc#926238).
   - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
     users to cause a denial of service (host OS panic or hang) by triggering
     many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
   - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS
     users to cause a denial of service (host OS panic or hang) by triggering
     many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c
     (bnc#953527).
   - CVE-2015-7990: RDS: There was no verification that an underlying
     transport exists when creating a connection, causing usage of a NULL
     pointer (bsc#952384).
   - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
     the Linux kernel allowed local users to cause a denial of service (OOPS)
     via crafted keyctl commands (bnc#951440).
   - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial
     of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6
     Router Advertisement (RA) message, a different vulnerability than
     CVE-2015-8215 (bnc#944296).

   The following non-security bugs were fixed:
   - ALSA: hda - Disable 64bit address for Creative HDA controllers
     (bnc#814440).
   - Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236
     (bsc#953796).
   - Btrfs: fix file corruption and data loss after cloning inline extents
     (bnc#956053).
   - Btrfs: fix truncation of compressed and inlined extents (bnc#956053).
   - Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)
   - Fix regression in NFSRDMA server (bsc#951110).
   - KEYS: Fix race between key destruction and finding a keyring by name
     (bsc#951440).
   - KVM: x86: call irq notifiers with directed EOI (bsc#950862).
   - NVMe: Add shutdown timeout as module parameter (bnc#936076).
   - NVMe: Mismatched host/device page size support (bsc#935961).
   - PCI: Drop "setting latency timer" messages (bsc#956047).
   - SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).
   - SCSI: hosts: update to use ida_simple for host_no (bsc#939926)
   - SUNRPC: Fix oops when trace sunrpc_task events in nfs client
     (bnc#956703).
   - Sync ppc64le netfilter config options with other archs (bnc#951546)
   - Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
   - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another
     task (bsc#921949).
   - apparmor: temporary work around for bug while unloading policy
     (boo#941867).
   - audit: correctly record file names with different path name types
     (bsc#950013).
   - audit: create private file name copies when auditing inodes (bsc#950013).
   - cpu: Defer smpboot kthread unparking until CPU known to scheduler
     (bsc#936773).
   - dlm: make posix locks interruptible, (bsc#947241).
   - dm sysfs: introduce ability to add writable attributes (bsc#904348).
   - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
   - dm: do not start current request if it would've merged with the previous
     (bsc#904348).
   - dm: impose configurable deadline for dm_request_fn's merge heuristic
     (bsc#904348).
   - dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).
   - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,
     v2 (bsc#942938).
   - drm/i915: add hotplug activation period to hotplug update mask
     (bsc#953980).
   - fanotify: fix notification of groups with inode and mount marks
     (bsc#955533).
   - genirq: Make sure irq descriptors really exist when __irq_alloc_descs
     returns (bsc#945626).
   - hv: vss: run only on supported host versions (bnc#949504).
   - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
   - ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags
     (bsc#947321).
   - ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).
   - ipv6: Extend the route lookups to low priority metrics (bsc#947321).
   - ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).
   - ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321).
   - ipv6: distinguish frag queues by device for multicast and link-local
     packets (bsc#955422).
   - ipvs: drop first packet to dead server (bsc#946078).
   - kABI: protect struct ahci_host_priv.
   - kABI: protect struct rt6_info changes from bsc#947321 changes
     (bsc#947321).
   - kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546).
   - kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
   - kabi: Restore kabi in struct se_cmd (bsc#954635).
   - kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
   - kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).
   - kgr: fix migration of kthreads to the new universe.
   - kgr: wake up kthreads periodically.
   - ktime: add ktime_after and ktime_before helper (bsc#904348).
   - macvlan: Support bonding events (bsc#948521).
   - net: add length argument to skb_copy_and_csum_datagram_iovec
     (bsc#951199).
   - net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec()
     (bsc#951199).
   - pci: Update VPD size with correct length (bsc#924493).
   - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods
     (bsc#949706).
   - ring-buffer: Always run per-cpu ring buffer resize with
     schedule_work_on() (bnc#956711).
   - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
   - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds
     (bsc#930145).
   - rtc: cmos: Revert "rtc-cmos: Add an alarm disable quirk" (bsc#930145).
   - sched/core: Fix task and run queue sched_info::run_delay inconsistencies
     (bnc#949100).
   - sunrpc/cache: make cache flushing more reliable (bsc#947478).
   - supported.conf: Add missing dependencies of supported modules hwmon_vid
     needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by
     ramoops
   - supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio
   - target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
   - target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).
   - target/rbd: fix PR info memory leaks (bnc#948831).
   - target: Send UA upon LUN RESET tmr completion (bsc#933514).
   - target: use "^A" when allocating UAs (bsc#933514).
   - usbvision fix overflow of interfaces array (bnc#950998).
   - vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
   - vmxnet3: adjust ring sizes when interface is down (bsc#950750).
   - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at
     runtime, instead of top-down (bsc#940853).
   - x86/evtchn: make use of PHYSDEVOP_map_pirq.
   - x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,
     bnc#955148).
   - x86/mm/hotplug: Pass sync_global_pgds() a correct argument in
     remove_pagetable() (VM Functionality, bnc#955148).
   - xfs: DIO needs an ioend for writes (bsc#949744).
   - xfs: DIO write completion size updates race (bsc#949744).
   - xfs: DIO writes within EOF do not need an ioend (bsc#949744).
   - xfs: always drain dio before extending aio write submission (bsc#949744).
   - xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
   - xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
   - xfs: factor DIO write mapping from get_blocks (bsc#949744).
   - xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
   - xfs: move DIO mapping size calculation (bsc#949744).
   - xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
   - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
     (bnc#951165).
   - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-945=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-945=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-945=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-945=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2015-945=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-945=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      kernel-default-debuginfo-3.12.51-52.31.1
      kernel-default-debugsource-3.12.51-52.31.1
      kernel-default-extra-3.12.51-52.31.1
      kernel-default-extra-debuginfo-3.12.51-52.31.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.51-52.31.1
      kernel-obs-build-debugsource-3.12.51-52.31.1

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      kernel-docs-3.12.51-52.31.5

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      kernel-default-3.12.51-52.31.1
      kernel-default-base-3.12.51-52.31.1
      kernel-default-base-debuginfo-3.12.51-52.31.1
      kernel-default-debuginfo-3.12.51-52.31.1
      kernel-default-debugsource-3.12.51-52.31.1
      kernel-default-devel-3.12.51-52.31.1
      kernel-syms-3.12.51-52.31.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      kernel-xen-3.12.51-52.31.1
      kernel-xen-base-3.12.51-52.31.1
      kernel-xen-base-debuginfo-3.12.51-52.31.1
      kernel-xen-debuginfo-3.12.51-52.31.1
      kernel-xen-debugsource-3.12.51-52.31.1
      kernel-xen-devel-3.12.51-52.31.1

   - SUSE Linux Enterprise Server 12 (noarch):

      kernel-devel-3.12.51-52.31.1
      kernel-macros-3.12.51-52.31.1
      kernel-source-3.12.51-52.31.1

   - SUSE Linux Enterprise Server 12 (s390x):

      kernel-default-man-3.12.51-52.31.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.51-52.31.1
      kernel-ec2-debuginfo-3.12.51-52.31.1
      kernel-ec2-debugsource-3.12.51-52.31.1
      kernel-ec2-devel-3.12.51-52.31.1
      kernel-ec2-extra-3.12.51-52.31.1
      kernel-ec2-extra-debuginfo-3.12.51-52.31.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_51-52_31-default-1-2.2
      kgraft-patch-3_12_51-52_31-xen-1-2.2

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      kernel-default-3.12.51-52.31.1
      kernel-default-debuginfo-3.12.51-52.31.1
      kernel-default-debugsource-3.12.51-52.31.1
      kernel-default-devel-3.12.51-52.31.1
      kernel-default-extra-3.12.51-52.31.1
      kernel-default-extra-debuginfo-3.12.51-52.31.1
      kernel-syms-3.12.51-52.31.1
      kernel-xen-3.12.51-52.31.1
      kernel-xen-debuginfo-3.12.51-52.31.1
      kernel-xen-debugsource-3.12.51-52.31.1
      kernel-xen-devel-3.12.51-52.31.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      kernel-devel-3.12.51-52.31.1
      kernel-macros-3.12.51-52.31.1
      kernel-source-3.12.51-52.31.1

References:

   https://www.suse.com/security/cve/CVE-2015-0272.html
   https://www.suse.com/security/cve/CVE-2015-2925.html
   https://www.suse.com/security/cve/CVE-2015-5283.html
   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-7799.html
   https://www.suse.com/security/cve/CVE-2015-7872.html
   https://www.suse.com/security/cve/CVE-2015-7990.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://bugzilla.suse.com/814440
   https://bugzilla.suse.com/867595
   https://bugzilla.suse.com/904348
   https://bugzilla.suse.com/921949
   https://bugzilla.suse.com/924493
   https://bugzilla.suse.com/930145
   https://bugzilla.suse.com/933514
   https://bugzilla.suse.com/935961
   https://bugzilla.suse.com/936076
   https://bugzilla.suse.com/936773
   https://bugzilla.suse.com/939826
   https://bugzilla.suse.com/939926
   https://bugzilla.suse.com/940853
   https://bugzilla.suse.com/941202
   https://bugzilla.suse.com/941867
   https://bugzilla.suse.com/942938
   https://bugzilla.suse.com/944749
   https://bugzilla.suse.com/945626
   https://bugzilla.suse.com/946078
   https://bugzilla.suse.com/947241
   https://bugzilla.suse.com/947321
   https://bugzilla.suse.com/947478
   https://bugzilla.suse.com/948521
   https://bugzilla.suse.com/948685
   https://bugzilla.suse.com/948831
   https://bugzilla.suse.com/949100
   https://bugzilla.suse.com/949463
   https://bugzilla.suse.com/949504
   https://bugzilla.suse.com/949706
   https://bugzilla.suse.com/949744
   https://bugzilla.suse.com/950013
   https://bugzilla.suse.com/950750
   https://bugzilla.suse.com/950862
   https://bugzilla.suse.com/950998
   https://bugzilla.suse.com/951110
   https://bugzilla.suse.com/951165
   https://bugzilla.suse.com/951199
   https://bugzilla.suse.com/951440
   https://bugzilla.suse.com/951546
   https://bugzilla.suse.com/952666
   https://bugzilla.suse.com/952758
   https://bugzilla.suse.com/953796
   https://bugzilla.suse.com/953980
   https://bugzilla.suse.com/954635
   https://bugzilla.suse.com/955148
   https://bugzilla.suse.com/955224
   https://bugzilla.suse.com/955422
   https://bugzilla.suse.com/955533
   https://bugzilla.suse.com/955644
   https://bugzilla.suse.com/956047
   https://bugzilla.suse.com/956053
   https://bugzilla.suse.com/956703
   https://bugzilla.suse.com/956711

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

[security-announce] SUSE-SU-2015:2194-1: important: Security update for the Linux Kernel

opensuse-security＠opensuse.org